I don't know if this is "normal", but I don't find it logic, so I googled about 1/2hrs for it, but didn't find anything usefull.

I have 3 accounts on my mac X.2.8, that's me, my brother, and my dad.

You all know the Home folder, where you find the folders "Images", "Music", "Sites", "Public", "Documents", etc.

As you probably know, the HOME directory can be opened by other accounts (when THEY log in). But they can't open what's inside the HOME dir (e.g. my brother can see what's inside my Home, but he can't see the songs in my music folder). The only 2 folders in your Home that can be opened by others, are "Public" and "Sites".

So far, no problem. But when I make a new folder inside my Home (let's call it "Dirty Movies"), then by default any user has read/write permissions for it. I don't find this logic.

I tried to restore the permissions via several ways (reboot with cd, and via terminal), but the home directories remain untouched/unrepaired.

Is this
A) a security issue that cannot be solved, and shold I change permissions for every new folder I make in the Home? or
B) something I messed up...?

I'm not a Win fan, but I must say, in XpPro you can set permissions for a directory, and set/unset that this directory should automatically copy the same permissions for new items created inside. E.g. I can set it for my Home dir, and every new folder created inside the Home, gets te same permissions.
Can this be done with OsX.2.8?

Thanks in advance

Kokopelli

05-21-2005 06:27 PM

there are a number of ways to accomplish what you desire. What I am describing is the *nix way via command line. There may be an easier way via the GUI but I never bothered learning it.

1) Open a terminal
2) type "cd ~;ls -l"

without going into detail "drwx------" means only you have access to the directory. "drwxr-xr-x" means you have read/write rights and everyone else can read as well as get directory listings. So we want to change the latter to the former.
3) from our home directory (which you should be in unless you changed it) type :
"chmod -R og-rwx 'dirty movies'"
in order this command says we are:
a) changing permissions (chmod)
b) want the change to effect all subfolders (-R)
c) the change is to the permissions of others and the group (og)
d) we are removing read, write, and execute rights (-rwx)
e) on the directory 'dirty movies'

NOTE: you will need the single quotes if there is a space in the name such as 'dirty movies'. Further while your family will not be able to enter the folder they will be aware there is a folder called 'dirty movies' so I suggest sticking such a folder inside a more innocently named folder that only you have access to.

for more reading on this esoteria you can use the command "man chmod"

hope that helps.

Kokopelli

05-21-2005 06:34 PM

By the way, the behavior is correct from a Unix standpoint. Any new directory created will by default inherit the parent directories access settings. In the case of home folders that is dwrxr-x-r-x with the owner and group being the user whose home folder it is. If custom permissions are required they should be configured by hand either from the GUI or command line.

fearlessfreap24

05-21-2005 08:21 PM

Quote:

Originally Posted by Kokopelli

there are a number of ways to accomplish what you desire. What I am describing is the *nix way via command line. There may be an easier way via the GUI but I never bothered learning it.

1) Open a terminal
2) type "cd ~;ls -l"

without going into detail "drwx------" means only you have access to the directory. "drwxr-xr-x" means you have read/write rights and everyone else can read as well as get directory listings. So we want to change the latter to the former.
3) from our home directory (which you should be in unless you changed it) type :
"chmod -R og-rwx 'dirty movies'"
in order this command says we are:
a) changing permissions (chmod)
b) want the change to effect all subfolders (-R)
c) the change is to the permissions of others and the group (og)
d) we are removing read, write, and execute rights (-rwx)
e) on the directory 'dirty movies'

NOTE: you will need the single quotes if there is a space in the name such as 'dirty movies'. Further while your family will not be able to enter the folder they will be aware there is a folder called 'dirty movies' so I suggest sticking such a folder inside a more innocently named folder that only you have access to.

for more reading on this esoteria you can use the command "man chmod"

hope that helps.

wow, just wow

i tried adding to your karma for this but i had just given you karma for another post.

Avalon

05-22-2005 04:13 AM

The GUI-way for changing a folder's access permissions and ownership is to ctrl-klick the folder, choose "Get Info" in the context menu. There you will find at the bottom "Ownership & Permissions" and "Details".
Here you can set the access rights.

koert

05-22-2005 04:23 AM

Quote:

Originally Posted by Kokopelli

If custom permissions are required they should be configured by hand either from the GUI or command line.

Okay, so I will just have to learn how to live with it.
Anyway, it sucks. Maybe I will try to make my life easier by writing a small script that can be run periodically, and does this for me, for all items but not Pub and Sites.

By the way thanks for the first reply, but it's the same when I select my Home folder, then open the Finder info window (Applebutton-I), and change the crap listed here. This is the GUI way you said. Issue remains: solution isn't sticky, so I have to do this everytime when I make a new item in my Home.

Kokopelli

05-22-2005 07:11 AM

Or you could put your added folders into a subfolder with adjusted permissions. Then you will not need to remember to do anything. This will only be a problem if you are continually creating directories in the base of your home folder. Another option would be to lock down your base home directory (don't do it recursively though) and create links to the directories you want to share somewhere publicly accessible like the Shared folder.

On a side note why is it that using info prompts you for a password? I'll stick with chmod, it's faster once you learn the commands.

Finally, fearlessfreap24, you're making me blush. :)

jeremyjones

05-22-2005 12:29 PM

I posted on another thread that a utility to change permissions is Batchmod. It works great. You can find it here.

It is a GUI to change permissions. No more command line. I use it all the time at work.

koert

05-23-2005 02:48 PM

Quote:

Originally Posted by Kokopelli

Or you could put your added folders into a subfolder with adjusted permissions.

That's an easy and good solution, but it had been nice to see these items listed when clicking the "home" button in the finder.

Quote:

Originally Posted by Kokopelli

On a side note why is it that using info prompts you for a password?

...you don't have to use the "hanglock" feature, but it's advised. If you change permissions of an item, you can "secure" them by clicking the hanglock symbol, so nobody will be able to change permissions on the fly via the GUI. We all know that this isn't waterproof if you know some terminal basics, but it might avoid accidental changings of permissions (maybe by others).